Pamela W. Baker, CPA, CGFM, Barbacane, Thornton & Company LLP

Most of what a CPA learns in college is the technical understanding of accounting principles and auditing techniques designed to ensure that an opinion can be rendered on the fair presentation of financial statements. Interviewing skills, people skills, and relationship building are not typically taught. But, these skills are an integral part of the process of conducting an independent audit, where the auditor is assessing fraudulent financial statement reporting or misappropriation of assets. This was driven home in 2002, when generally accepted auditing standards (AU-C 250) were revised to incorporate enhanced procedures for designing an audit to include consideration of fraud.

Interviewing key members of management and those charged with governance about their organizational fraud risk assessment is outside the comfort zone of many CPAs. This was new and unfamiliar territory. Interviewing had been limited to asking about internal controls – more of a process-driven discussion to help understand the flow of activity, determine controls, and design testing. Many wondered if clients would think that the focus changed, and that the auditor thought there was fraud throughout the organization or that the expectation gap would widen and clients would think that the audit was focused mainly on detecting fraud. It is the auditor’s responsibility to address fraud risk while not expanding the scope of the audit to guarantee that if fraud existed it would be discovered by a financial statement audit

Knowing What Questions to Ask and Why
AU-C 250 provides assistance defining what questions to ask. For example, auditors are required to ask if those interviewed are aware of allegations of fraud or suspected fraud, and if they have first-hand knowledge of actual fraud. It is also important to ask management and those charged with governance these questions:

• What does the organization do to assess fraud risk?
• How does management communicate the importance of ethical behavior to employees?
• How does management share appropriate business practices with employees?

• Finding out about the background and skill set of the person being interviewed, and if they will be able to understand what is being asked.
• Defining fraud in the context of the interview.
• Preparing examples that help convey where the questions are originating from, and, at the same time, relax the individual being interviewed.

When performing fraud risk inquiries during an independent audit, it is important for the auditor to convey that part of what is being assessed, as a result of the responses provided, is the organization’s culture. In planning the nature and extent of substantive testing, the tone at the top provides some context into how effective the internal controls will be. The auditor needs to know how suspected or known fraud would be addressed.

There are frequently deadlines and time constraints in the world of auditing; but you must remember to take your time. A successful fraud interview is more than completing a questionnaire. One key to success is to come away from the interview with the sense that fraud (or the potential for fraud) is understood and will not be tolerated by the organization. It may take practice, but for those who put the time into understanding its significance, the results will be worth it.

Hear more from Pamela Baker, CPA, CGFM, on how effective fraud interviews can enhance audit results at the PICPA’s School District Conference on June 2. See the full agenda and register.